<?php
    $libraryid = $_POST['libraryid'];
    $location = $_POST['location'];
    $password  = $_POST['password'];

   require('config.php');

    $db = mysql_connect(DB_SERVER,DB_SERVER_USERNAME,DB_SERVER_PASSWORD);
    $connect = mysql_select_db(DB_DATABASE) or die('Could not select database');
     if($connect == true)
    {
      //echo"connected";
    }
    if($db == false)
    {
      echo"Cannot connect to the server.";
    }
   // $query2 = "SELECT * FROM tbllibrary WHERE libraryNo=''"
    $query2 = "SELECT * FROM tblclient WHERE librarycardNo like '$libraryid' AND libraryNo like '$location'";
    $result2 = mysql_query($query2);
    while ($row = mysql_fetch_array($result2))
    {
      $stat = $row['stat'];
      $userID = $row['userID'];
      $firstName = $row['firstName'];
    }

    $query4 = "SELECT password('$password')";
    $result4 = mysql_query($query4);
    while ($row = mysql_fetch_array($result4))
    {
      $passw = $row["password('$password')"];

    }
/*
 echo"--";
    echo "$stat";
    echo"--";
*/

    if($stat == '0')
    {
      echo"<script> alert('Please activate your account.');</script>";
      echo("<script> document.location.href='activate.php'</script>");
    }
    if($stat == '3')
    {
      echo"<script> alert('Sorry, your account is blocked for reservation.');</script>";
      echo("<script> document.location.href='index.php'</script>");
    }
    else
    {
        $query1 = "SELECT * FROM tblclient WHERE librarycardNo like '$libraryid' AND libraryNo like '$location' AND cpassword = '$passw'";
        $result1 = mysql_query("$query1");
        $num = mysql_num_rows($result1);
        while ($row = mysql_fetch_array($result1))
        {
          $firstName = $row['firstName'];
        }

       if($result1 && $num == 1)
        {
           setcookie("user", $userID);
           setcookie("firstName", $firstName);
           setcookie("libraryCardNo",$libraryid);
           echo("<script> document.location.href='index.php'</script>");

        }
        else
        {
            echo"<script>alert('Invalid ID and/or password.');</script>";
            echo("<script> document.location.href='account.php'</script>");
        }
        
    }
   // print_r($_COOKIE);

?>


